/*
* Copyright (c) 2012 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package com.google.api.client.json.webtoken;
import com.google.api.client.testing.json.MockJsonFactory;
import com.google.api.client.testing.json.webtoken.TestCertificates;
import com.google.api.client.testing.util.SecurityTestUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import org.junit.Assert;
import org.junit.Test;
/**
 * Tests {@link JsonWebSignature}: RS256 signing, defensive copying of the byte arrays and header
 * lists it hands out, and X.509-based signature verification against two different CA fixtures.
 *
 * @author Yaniv Inbar
 */
public class JsonWebSignatureTest {

  /**
   * Signs a fixed header and payload with RS256 and compares the result with a pinned string.
   *
   * <p>The pinned value starts with two dots, i.e. the header and payload segments of the compact
   * form are empty and only the signature segment carries data. NOTE(review): presumably
   * MockJsonFactory serializes to nothing and SecurityTestUtils returns a fixed key; the constant
   * can only hold if both are deterministic. Confirm against those helpers.
   */
  @Test
  public void testSign() throws Exception {
    JsonWebSignature.Header jwsHeader = new JsonWebSignature.Header();
    jwsHeader.setAlgorithm("RS256");
    jwsHeader.setType("JWT");

    JsonWebToken.Payload claims = new JsonWebToken.Payload();
    claims
        .setIssuer("issuer")
        .setAudience("audience")
        .setIssuedAtTimeSeconds(0L)
        .setExpirationTimeSeconds(3600L);

    RSAPrivateKey signingKey = SecurityTestUtils.newRsaPrivateKey();

    String expectedCompactForm =
        "..kDmKaHNYByLmqAi9ROeLcFmZM7W_emsceKvDZiEGAo-ineCunC6_Nb0HEpAuzIidV-LYTMHS3BvI49KFz9gi6hI3"
            + "ZndDL5EzplpFJo1ZclVk1_hLn94P2OTAkZ4ydsTfus6Bl98EbCkInpF_2t5Fr8OaHxCZCDdDU7W5DSnOsx4";
    Assert.assertEquals(
        expectedCompactForm,
        JsonWebSignature.signUsingRsaSha256(signingKey, new MockJsonFactory(), jwsHeader, claims));
  }

  /**
   * Checks that the array returned by {@code getSignatureBytes()} is not shared with the
   * signature object: changing the first byte of one returned array must not show up in the next
   * array returned by the getter.
   */
  @Test
  public void testImmutableSignatureBytes() throws IOException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    byte[] tampered = jws.getSignatureBytes();
    tampered[0] = (byte) (tampered[0] + 1);
    byte[] reread = jws.getSignatureBytes();
    Assert.assertNotEquals(reread[0], tampered[0]);
  }

  /**
   * Same aliasing check as {@link #testImmutableSignatureBytes()}, applied to the array returned
   * by {@code getSignedContentBytes()}. A caller that could edit these bytes in place would be
   * changing the very content the signature is checked against.
   */
  @Test
  public void testImmutableSignedContentBytes() throws IOException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    byte[] tampered = jws.getSignedContentBytes();
    tampered[0] = (byte) (tampered[0] + 1);
    byte[] reread = jws.getSignedContentBytes();
    Assert.assertNotEquals(reread[0], tampered[0]);
  }

  /**
   * Overwrites the first entry of the list returned by {@code getX509Certificates()} and checks
   * that a second call to the getter does not return the overwritten value.
   */
  @Test
  public void testImmutableCertificates() throws IOException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    List<String> handedOut = jws.getHeader().getX509Certificates();
    handedOut.set(0, "foo");
    Assert.assertNotEquals("foo", jws.getHeader().getX509Certificates().get(0));
  }

  /**
   * Passes an empty list to {@code setCritical}, then adds an entry to that same caller-owned
   * list, and checks that {@code getCritical()} still returns {@code null}, i.e. the later
   * addition is not visible through the header.
   */
  @Test
  public void testImmutableCritical() throws IOException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    List<String> callerOwned = new ArrayList<>();
    jws.getHeader().setCritical(callerOwned);
    callerOwned.add("bar");
    Assert.assertNull(jws.getHeader().getCritical());
  }

  /** Checks that the fixture signature, left untouched, reports {@code null} for critical. */
  @Test
  public void testCriticalNullForNone() throws IOException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    Assert.assertNull(jws.getHeader().getCritical());
  }

  /**
   * Verifies the fixture signature with the trust manager of {@code CA_CERT} and checks that a
   * certificate is returned whose subject name starts with {@code CN=foo.bar.com}.
   */
  @Test
  public void testVerifyX509() throws Exception {
    X509Certificate signerCert = verifyX509WithCaCert(TestCertificates.CA_CERT);
    Assert.assertNotNull(signerCert);
    String subjectName = signerCert.getSubjectDN().getName();
    Assert.assertTrue(subjectName.startsWith("CN=foo.bar.com"));
  }

  /**
   * Verifies the fixture signature with the trust manager of {@code BOGUS_CA_CERT} and expects
   * {@code null}.
   *
   * <p>In this case the failure is reported by a {@code null} return value, not by an exception,
   * so code calling {@code verifySignature} has to treat {@code null} as "not verified" and must
   * not proceed as if the token were trusted.
   */
  @Test
  public void testVerifyX509WrongCa() throws Exception {
    X509Certificate outcome = verifyX509WithCaCert(TestCertificates.BOGUS_CA_CERT);
    Assert.assertNull(outcome);
  }

  /**
   * Runs {@code verifySignature} on the fixture signature using the trust manager taken from the
   * given CA fixture.
   *
   * @param caCert CA fixture whose trust manager is handed to the verification call
   * @return whatever {@code verifySignature} returns; the tests in this class expect a
   *     certificate for {@code CA_CERT} and {@code null} for {@code BOGUS_CA_CERT}
   */
  private X509Certificate verifyX509WithCaCert(TestCertificates.CertData caCert)
      throws IOException, GeneralSecurityException {
    JsonWebSignature jws = TestCertificates.getJsonWebSignature();
    X509TrustManager trustAnchors = caCert.getTrustManager();
    return jws.verifySignature(trustAnchors);
  }
}